Subscription to the full report on a daily basis can be obtained:
Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe.
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

• A snow storm February 1 forced the cancellation of
hundreds of flights in the Denver area, closed part of Interstate 70 in Eastern
Colorado, and caused a pileup on Interstate 80 in Nevada due to whiteout
conditions. – Associated Press

7. February
2, Associated Press – (National) Colorado snowstorm sets stage for slick
conditions. A snow storm February 1 forced the cancellation of a third of
the flights traveling out of the Denver International Airport as well as the
closure of Interstate 70 in Eastern Colorado due to whiteout conditions. The
snowy weather also caused a pileup on Interstate 80 in Nevada and heavy winds
in Southern California knock down power poles and trees, killing one driver. Source: http://www.chicagotribune.com/news/weather/sns-bc-us--severe-weather-20160202-story.html

• The U.S. Centers for Disease Control and Prevention
announced February 1 that 2 separate E. coli outbreaks at Chipotle Mexican
Grill, Inc., were over following a Federal investigation. – CNBC; Associated
Press

14. February 1, CNBC;
Associated Press – (National) CDC declares Chipotle-linked E. coli
outbreak over. The U.S. Centers for Disease Control and Prevention
announced February 1 that 2 separate E. coli outbreaks at Chipotle Mexican
Grill, Inc., which sickened 60 people across 14 States, were over following a
Federal investigation. Officials were unable to identify the ingredient
responsible for the contamination. Source: http://www.cnbc.com/2016/02/01/cdc-declares-chipotle-linked-e-coli-outbreak-over.html

• Neiman Marcus Group reported that approximately 5,200
online customer accounts were compromised February 2 after hackers used stolen
credentials from other breached organizations to abuse the company’s database
and make unauthorized purchases. – SecurityWeek

26. February 2,
SecurityWeek – (International) Neiman Marcus says hackers breached
customer accounts. Neiman Marcus Group reported that approximately 5,200
online customer accounts which stored customers’ personal contact information,
last four digits of credit card numbers, and purchase history were compromised
February 2 after hackers used stolen credentials from other breached organizations
to abuse the company’s database and make unauthorized purchases on Neiman
Marcus Web sites. The luxury retail store is investigating the incident and
notified its customers the week of January 25 of the breach. Source: http://www.securityweek.com/neiman-marcus-says-hackers-breached-customer-accounts

• Landry’s Incorporated reported February 1 that its
payment processing system was compromised at several of its locations after the
company found a malicious program installed onto its payment processing
systems. – KPLC 7 Lake Charles

27. February 2, KPLC 7
Lake Charles – (Louisiana) Data breach at Golden Nugget may affect you. Landry’s
Incorporated reported February 1 that its payment processing system was
compromised at several of its locations including the Golden Nugget Casino in
Lake Charles, Louisiana after the company found a malicious program installed
onto its payment processing systems at its restaurants, food and beverage
outlets, spas, entertainment destinations, and managed properties. The company
has implemented enhanced security measures to mitigate future breaches and
advised customers to monitor their bank accounts for any suspicious activity. Source:
http://www.kplctv.com/story/31114015/data-breach-at-golden-nugget-may-affect-you

Financial Services Sector

5. February 1, U.S. Drug
Enforcement Administration – (International) DEA and European
authorities uncover massive Hizballah drug and money laundering scheme. The
U.S. Drug Enforcement Administration (DEA) announced February 1 significant
enforcement activity including the arrests of top leaders of the European cell
of the Lebanese Hizballah’s External Security Organization Business Affairs
Component (BAC) as part of Project Cassandra, an ongoing global investigation
that involves law enforcement agencies in seven countries, which found that the
network participates in international criminal activities such as drug
trafficking cocaine to European and U.S. drug markets, laundering drug proceeds
through the Black Market Peso Exchange, and using the proceeds to provide
revenue and a weapons stream for Hizballah’s activities in Syria and worldwide.
Source: http://www.dea.gov/divisions/hq/2016/hq020116.shtml

Information Technology Sector

22. February 2, Softpedia
– (International) Compromised WordPress sites hijacked over and over
again to show unwanted ads. Security researchers from Sucuri discovered a
new campaign that targets WordPress Web sites after finding that all of the
sites’ JavaScript files were infected with malicious codes to load an iframe,
show advertisements, and leave an unknown backdoor on each Web page with the
intention to reinfect Web sites once the pages were cleaned. Researchers
reported that if victims hosted several domains on the same hosting account,
all of the domains will be affected via cross-site contamination. Source: http://news.softpedia.com/news/compromised-wordpress-sites-hijacked-over-and-over-again-to-show-unwanted-ads-499775.shtml

23. February 2, Softpedia
– (International) Deja-Vu: Google fixes another RCE vulnerability in the
Mediaserver component. Google released patches for its Android mobile
operating system (OS) fixing 13 flaws including 3 elevation of privilege issues
in the Qualcomm Wi-Fi driver, and 2 remote code execution (RCE) vulnerabilities
in its Mediaserver component that allowed an attacker to craft a malicious
multimedia file and cause a memory corruption in the phone’s OS, among other
exploits.

24. February
1, Softpedia – (International) Joomla zero-day accounted for the
majority of web attacks in Q4 2015. The Solutionary Security Engineering
Research Team (SERT) released a report titled, “Sert Quarterly Threat Report Q4
2015” which stated that malware attacks had increased during the past quarter,
with virus and worm numbers increasing by 236 percent compared to Quarter 3
(Q3) and that ransomware attacks were growing within the U.S., accounting for
78 percent of all malware delivered during Quarter 4 (Q4). In addition, the
report stated most violations were Web applications that targeted flaws in
Web-based software and leveraged the Joomla zero-day vulnerability in Q4, among
other information. Source: http://news.softpedia.com/news/joomla-zero-day-accounted-for-the-majority-of-web-attacks-in-q4-2015-499742.shtml

25. February 1, The
Register – (International) WirelessHART industrial control kit is
riddled with security holes. Security researchers from Applied Risk
discovered several flaws in various WirelessHART products that could enable
attackers to manipulate instruments and compromise process data integrity due
to its low security protocol within its implementation layer, allowing hackers
to extract the encryption key. Source: http://www.theregister.co.uk/2016/02/01/wirelesshart_ics_vuln/

Links

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"